(State) Model-Based Approaches I: Software Specification, Lecture 39 - PowerPoint PPT Presentation

About This Presentation
Title:

(State) Model-Based Approaches I: Software Specification, Lecture 39

Description:

an explicit predicate on its state after execution (a post-condition) ... Post-condition: expresses obligatory properties of / relationships among program ... – PowerPoint PPT presentation

Slides: 31
Provided by: vicki85

Transcript and Presenter's Notes


1
(State) Model-Based Approaches I
Software Specification, Lecture 39
  • Prepared by
  • Stephen M. Thebaut, Ph.D.
  • University of Florida

2
Overview
  • Algebraic specification involves specifying
    object operations in terms of their
    inter-relationships.
  • This can be cumbersome when operations depend on
    object state (i.e., previous operations).
    Consider axiom 6 of the ARRAY specification.
  • (State) Model-Based specification exposes system
    state and defines operations in terms of changes
    to that state.

3
Model-Based Approaches/Languages
  • Specification via Pre- and Post-Conditions
  • Predicates are defined over a program's state
    variables to reflect its intended functional
    behavior.
  • Specification using Z (pronounced Zed)
  • A mature notation for defining constraints and
    operations on state variables that incorporates
    informal descriptions and graphical highlighting.

4
Pre- and Post-Conditions
  • The functional requirements of a program may be
    specified by providing
  • an explicit predicate on its state before
    execution (a pre-condition), and
  • an explicit predicate on its state after
    execution (a post-condition).
  • This serves to highlight the distinction between
    assumptions that an implementer is allowed to
    make, and obligations that must be met.

5
Pre- and Post-Conditions (contd)
  • The language of pre- and post-conditions is the
    predicate calculus.
  • Predicates denote properties of program variables
    or relations between them.

6
What is the Predicate Calculus? (A Brief Tutorial)
  • Propositions and Propositional Logic
  • Truth Tables
  • Equivalence
  • Predicates
  • The Predicate Calculus

7
Propositions
  • A proposition, P, is a statement of some alleged
    fact which must be either true or false, and not
    both.
  • Which of the following are propositions?
  • elephants are mammals
  • France is in Asia
  • go away
  • 5 > 4
  • X > 5

8
Propositional Logic
  • Propositional Logic is a formal language that
    allows us to reason about propositions.
  • The alphabet of this language is
  • P, Q, R, ..., ¬, ∧, ∨, ⇒, ⇔
  • P, Q, R,... denote the truth values of simple
    propositions.
  • The other symbols, usually referred to as
    connectives, provide ways in which compound
    propositions can be built from simpler ones.

9
Truth Tables
  • Truth tables provide a concise way of giving the
    meaning of compound forms in a tabular form.
  • Exercise 1: Complete the truth table below to
    show all possible interpretations for the
    following sentences: ¬A, A ⇒ B, and ¬A ∨ B.

10
Truth Tables (contd)
  A   B   ¬A   A ⇒ B   ¬A ∨ B
  T   T   F    T       T
  T   F   F    F       F
  F   T   T    T       T
  F   F   T    T       T

11
Equivalence
  • Two sentences are said to be equivalent if and
    only if their truth values are the same under
    every interpretation.
  • If A is equivalent to B, we write A ≡ B using the
    metasymbol ≡.
  • Exercise 2: Use the truth table of Exercise 1
    to show
  • (A ⇒ B) ≡ (¬A ∨ B)

12
Truth Tables (contd)
  A   B   ¬A   A ⇒ B   ¬A ∨ B
  T   T   F    T       T
  T   F   F    F       F
  F   T   T    T       T
  F   F   T    T       T

13
Equivalence (contd)
  • Many users of logic slip into the habit of using
    ⇔ and ≡ interchangeably.
  • However, A ⇔ B is written in the full knowledge
    that it may denote either True or False in some
    interpretation.
  • Whereas A ≡ B is an expression of a fact,
    i.e., the writer thinks it is true.

14
Predicates
  • Predicates are expressions containing one or more
    free variables (place holders) that can be filled
    by suitable objects to create propositions.
  • For example, instantiating the value 2 for X in
    the predicate X > 5 results in the (false)
    proposition 2 > 5.
  • Note that a predicate itself has no truth value;
    it expresses a property or relation using
    variables.

15
Predicates (contd)
  • There are TWO ways in which predicates can give
    rise to propositions
  • (1) As illustrated above, their free variables
    may be instantiated with the names of specific
    objects, and
  • (2) They may be quantified. Quantification
    introduces two additional symbols, ∀ and ∃.

16
Predicates (contd)
  • ∀ and ∃ are used to represent universal and
    existential quantification, respectively.
  • ∀x • duck(x) represents the proposition "every
    object is a duck."
  • ∃x • duck(x) represents the proposition "there
    is at least one duck."

17
Predicates (contd)
  • For a predicate with two free variables,
    quantifying over one of them yields another
    predicate with one free variable, as in
  • ∀x • Q(x,y) or ∃x • Q(x,y)

18
Predicates (contd)
  • Where appropriate, a domain of interest may be
    specified which contains the objects for which
    the quantifier applies.
  • For example,
  • ∀i ∈ {1,2,...,N} • A[i] > 0
  • represents the predicate the first N elements
    of array A are all greater than 0.

19
Predicate Calculus
  • The addition of a deductive apparatus gives us a
    formal system permitting proofs and derivations
    which we will refer to as the predicate calculus.
  • The system is based on providing rules of
    inference for introducing and removing each of
    the five connective symbols plus the two
    quantifiers.

20
Predicate Calculus (contd)
  • A rule of inference is expressed in the form
  • A1, A2 , ..., An
  • _______________
  • C
  • and is interpreted to mean
  • (A1 ∧ A2 ∧ ... ∧ An) ⇒ C

21
Examples of Deductive Rules
  • A ∧ B
    ________
    A
  • A
    _______
    A ∨ B
  • ¬¬A
    ________
    A
  • A, A ⇒ B
    __________
    B

22
Examples of Deductive Rules (contd)
  • A ⇔ B
    __________
    A ⇒ B
  • A ⇒ B, B ⇒ A
    _______________
    A ⇔ B
  • ∀x • P(x)
    ___________________
    P(1), P(2), ..., P(n)

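The following Python program is an added example and is not part of the lecture: it mechanises Exercise 1 (the truth table), Exercise 2 (the equivalence) and the soundness reading of a rule of inference given on slide 20. Formulas are encoded as nested tuples, an encoding chosen for this example, and the names evaluate, truth_table, equivalent and valid_rule are this example's own. equivalent decides f ≡ g by checking that the formula f ⇔ g is a tautology, which is exactly the distinction slide 13 draws: A ⇔ B is a formula that is false under some interpretations, while A ≡ B is a claim checked against all of them. valid_rule is run on modus ponens and also on the unsound pattern A ⇒ B, B / A (affirming the consequent, added here for contrast) so that the checker is seen rejecting an invalid rule.

```python
from itertools import product

# Propositional formulas are nested tuples (an encoding chosen for this example):
#   ('var', 'A')  ('not', f)  ('and', f, g)  ('or', f, g)  ('imp', f, g)  ('iff', f, g)
# corresponding to the lecture's connectives ¬, ∧, ∨, ⇒, ⇔.
A = ('var', 'A')
B = ('var', 'B')
A_IMP_B = ('imp', A, B)                 # A ⇒ B
NOT_A_OR_B = ('or', ('not', A), B)      # ¬A ∨ B


def evaluate(formula, interp):
    """Truth value of `formula` under `interp`, a dict from variable name to bool."""
    op = formula[0]
    if op == 'var':
        return interp[formula[1]]
    if op == 'not':
        return not evaluate(formula[1], interp)
    left = evaluate(formula[1], interp)
    right = evaluate(formula[2], interp)
    if op == 'and':
        return left and right
    if op == 'or':
        return left or right
    if op == 'imp':                      # false only when antecedent true and consequent false
        return (not left) or right
    if op == 'iff':                      # true exactly when both sides agree
        return left == right
    raise ValueError(f"unknown connective {op!r}")


def variables(*formulas):
    """Sorted names of the propositional variables occurring in the formulas."""
    names = set()

    def walk(f):
        if f[0] == 'var':
            names.add(f[1])
        else:
            for sub in f[1:]:
                walk(sub)

    for f in formulas:
        walk(f)
    return sorted(names)


def interpretations(names):
    """Every assignment of T/F to the variables, in the slide's T-first row order."""
    for values in product((True, False), repeat=len(names)):
        yield dict(zip(names, values))


def truth_table(*formulas):
    """Exercise 1: one row (interpretation, [value of each formula]) per interpretation."""
    names = variables(*formulas)
    return [(interp, [evaluate(f, interp) for f in formulas])
            for interp in interpretations(names)]


def is_tautology(formula):
    """True when the formula holds under every interpretation."""
    return all(evaluate(formula, i) for i in interpretations(variables(formula)))


def equivalent(f, g):
    """f ≡ g (Exercise 2): same truth value under every interpretation.
    Decided by checking that the *formula* f ⇔ g is a tautology, which is the
    relationship between the connective ⇔ and the metasymbol ≡."""
    return is_tautology(('iff', f, g))


def valid_rule(premises, conclusion):
    """A rule A1, ..., An / C is sound iff (A1 ∧ ... ∧ An) ⇒ C is a tautology."""
    conj = premises[0]
    for p in premises[1:]:
        conj = ('and', conj, p)
    return is_tautology(('imp', conj, conclusion))


def print_table():
    """Print the slide's table for ¬A, A ⇒ B and ¬A ∨ B."""
    header = ['A', 'B', '¬A', 'A ⇒ B', '¬A ∨ B']
    rows = truth_table(('not', A), A_IMP_B, NOT_A_OR_B)
    print('  '.join(h.ljust(6) for h in header))
    for interp, values in rows:
        cells = [interp['A'], interp['B'], *values]
        print('  '.join(('T' if v else 'F').ljust(6) for v in cells))


if __name__ == '__main__':
    print_table()
    print('(A ⇒ B) ≡ (¬A ∨ B):', equivalent(A_IMP_B, NOT_A_OR_B))      # True
    print('A ⇔ B is a tautology:', is_tautology(('iff', A, B)))         # False
    print('A, A ⇒ B / B is sound:', valid_rule([A_IMP_B, A], B))        # True
    print('B, A ⇒ B / A is sound:', valid_rule([A_IMP_B, B], A))        # False
```

The check enumerates all 2^n interpretations of the n variables, which is fine for the handful of variables in a lecture exercise; it is the same exhaustive argument a truth table makes, just carried out by the machine.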
23
Specification Via Pre- and Post-Conditions
  • Pre-condition: expresses properties of /
    relationships among program variables before
    program execution. An implementer may assume
    these will hold.
  • Post-condition: expresses obligatory properties
    of / relationships among program variables after
    program execution. An implementer must make it
    so.

24
Exercise 3
  • For each of the following, give appropriate pre-
    and post-conditions for the function described.
  • Set variable MAX to the maximum value of two
    integers, A and B.
  • Set variable MIN to the minimum value in the
    unsorted, non-empty array A[1..N].
  • Set variable SUM to the sum of the elements in
    array A[1..N].

25
Exercise 3 (contd)
  • Given three arrays A[1..N], B[1..N], and C[1..N],
    set each element of A equal to the sum of the
    corresponding elements of B and C.
  • Set variable NPRIME to true if N is prime and to
    false otherwise.
  • Set variable Y to the greatest common divisor of
    integers A and B.

26
Exercise 3 (contd)
  • Set variable R to the remainder of dividing A by
    D.
  • Set variable I to the index of the first instance
    of Y in the array A[1..N].
  • Perform integer subtraction using the arithmetic
    primitive "subtract 1" and a while loop. Let M
    be the minuend, S be the subtrahend, and D be the
    difference. Assume that the subtrahend is
    nonnegative.

27
Sample Solutions
  • Set variable MAX to the maximum value of two
    integers, A and B.
  • pre-condition: (What can the implementer assume
    will be true before execution?)
  • post-condition: (What must the implementer make
    true after execution?)

28
Sample Solutions
  • Set variable MAX to the maximum value of two
    integers, A and B.
  • pre-condition: true
  • post-condition (too weak; it only says that MAX is
    one of the two values): MAX = A ∨ MAX = B
  • post-condition: ((MAX = A ∧ A ≥ B) ∨ (MAX = B ∧ B ≥ A))
    ∧ A = A' ∧ B = B'
  • (Note that A' denotes the initial value of
    variable A.)

29
Sample Solutions (contd)
  • Set variable MIN to the minimum value in the
    unsorted, non-empty array A1N.
  • pre-condition: N > 0
    (What does "unsorted" mean?)
  • post-condition: ∀j ∈ {1,2,...,N} • MIN ≤ A[j]
    ∧ ∃x ∈ {1,2,...,N} • A[x] = MIN
    ∧ A = A'

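The sample solutions for MAX and MIN, written as executable checks. This is an added example and not code from the lecture: checked, satisfies and the *_pre / *_post functions are names chosen here; "set MAX to ..." is modelled as the function's return value; the slide's 1-based A[1..N] becomes a 0-based Python list, so the domain {1,...,N} becomes range(len(a)); and the primed values A', B' are a deepcopy of the arguments taken before the call. Two deliberately wrong implementations are included for contrast: wrong_max satisfies the weaker post-condition MAX = A ∨ MAX = B but not the full one, and sorting_min returns the right value but breaks the frame condition A = A' by sorting the caller's array in place. One practical reading of slide 23: a pre-condition is what the implementer is allowed to assume, so when the arguments arrive across a trust boundary the pre-condition check must stay in the shipped code rather than being an assumption the caller is trusted to honour.

```python
from copy import deepcopy

# Added example (not from the lecture): Exercise 3 pre-/post-conditions as
# executable predicates.  Names and encoding are this example's own.


class ContractViolation(AssertionError):
    """Raised when a call breaks its pre- or post-condition."""


def checked(fn, pre, post, *args):
    """Call fn(*args) under a contract.

    pre(*args) must hold before the call (the implementer may assume it);
    post(result, old, *args) must hold after it (the implementer must make it
    so), where `old` is a snapshot of the arguments' initial values (A', B', ...).
    """
    if not pre(*args):
        raise ContractViolation(f"pre-condition of {fn.__name__} violated for {args!r}")
    old = deepcopy(args)                     # primed (initial) values
    result = fn(*args)
    if not post(result, old, *args):
        raise ContractViolation(f"post-condition of {fn.__name__} violated, result {result!r}")
    return result


def satisfies(fn, pre, post, *args):
    """True when the call meets its contract, False when either predicate fails."""
    try:
        checked(fn, pre, post, *args)
        return True
    except ContractViolation:
        return False


# --- MAX of two integers A and B ------------------------------------------
def max_pre(a, b):
    return True                              # pre-condition: true


def max_post_weak(r, old, a, b):
    return r == a or r == b                  # MAX = A ∨ MAX = B (too weak)


def max_post(r, old, a, b):
    a0, b0 = old
    return (((r == a and a >= b) or (r == b and b >= a))   # MAX is the larger value
            and a == a0 and b == b0)                       # A = A' ∧ B = B'


def correct_max(a, b):
    return a if a >= b else b


def wrong_max(a, b):                         # returns one of the inputs, but the smaller
    return a if a <= b else b


# --- MIN of the non-empty array A[1..N] (0-based list here) -----------------
def min_pre(a):
    return len(a) > 0                        # N > 0


def min_post(r, old, a):
    (a0,) = old
    n = range(len(a))                        # the domain {1,2,...,N}, shifted to 0-based
    return (all(r <= a[j] for j in n)        # ∀j • MIN ≤ A[j]
            and any(a[x] == r for x in n)    # ∃x • A[x] = MIN
            and a == a0)                     # A = A' (the array is left unchanged)


def correct_min(a):
    m = a[0]
    for v in a[1:]:
        if v < m:
            m = v
    return m


def sorting_min(a):                          # right value, but it mutates the caller's array
    a.sort()
    return a[0]


if __name__ == "__main__":
    print(satisfies(correct_max, max_pre, max_post, 3, 7))        # True
    print(satisfies(wrong_max, max_pre, max_post_weak, 3, 7))     # True: the weak spec accepts it
    print(satisfies(wrong_max, max_pre, max_post, 3, 7))          # False
    print(satisfies(correct_min, min_pre, min_post, [5, 2, 9]))   # True
    print(satisfies(sorting_min, min_pre, min_post, [5, 2, 9]))   # False: A ≠ A'
    print(satisfies(correct_min, min_pre, min_post, []))          # False: pre-condition N > 0 fails
```

The inputs 3, 7 and [5, 2, 9] are constructed for the example. Because the post-condition is evaluated against both the current arguments and the snapshot in old, the frame condition A = A' is checked for real, which is what catches sorting_min.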
30
(State) Model-Based Approaches I
Software Specification, Lecture 39
  • Prepared by
  • Stephen M. Thebaut, Ph.D.
  • University of Florida